Pando: Building a Resilient Infrastructure

About Customer

 

Pando, a leading global supply chain technology company, is renowned for its AI-powered Fulfillment Cloud platform. With a comprehensive solution for manufacturers, retailers, and 3PLs, Pando enables streamlined logistics management, improved service levels, reduced costs, and a smaller carbon footprint. Recognized by prestigious organizations like the World Economic Forum and Deloitte, Pando serves as a trusted partner for Fortune 500 enterprises worldwide. Seeking scalability and enhanced security, Pando embarked on a migration journey from to AWS, harnessing the power of the cloud to elevate its innovative platform and deliver exceptional supply chain solutions to its global clientele.

Executive Summary

 

Pando, a global supply chain technology company known for its AI-powered Fulfillment Cloud platform, partnered with Comprinno to migrate to AWS Cloud. With a focus on scalability and security, Pando sought to enhance its infrastructure and ensure high availability. Through a meticulous evaluation process and the adoption of AWS best practices, Comprinno successfully guided Pando through a seamless migration, enabling Pando to leverage the full potential of AWS cloud.

Challenges

 

Pando wanted to achieve scalability and be assured of an overall robust solution. Additionally, Pando sought to enhance their API's performance by implementing API throttling and rate-limiting mechanisms. Efficient managing and controlling the flow of API requests was desired to prevent overload and optimize resource utilization.

Pando: Building a Resilient Infrastructure

Solution

 

To address Pando's challenges and meet its migration goals, Comprinno designed and implemented a comprehensive solution that encompassed various aspects of availability, observability, network topology, and security. The solution leveraged AWS services and best practices to ensure a seamless and successful migration to AWS.

Pando: Building a Resilient Infrastructure

The architecture utilizes multiple Availability Zones (AZs) within AWS regions to achieve high availability. By spreading resources across AZs, the system can continue functioning even if one AZ becomes unavailable. Load balancers are implemented to distribute traffic across instances and AZs, ensuring redundancy and fault tolerance. 

 

All microservices were rehosted on the ECS cluster(Blue/Green) and internally exposed

through internally facing NLB. APIs are publicly accessible through an API gateway via a

custom domain. The databases used are RDS Postgres instance and Redis. 

 

The architecture incorporates auto-scaling mechanisms that dynamically adjust resources to meet demand, thereby optimizing performance and availability. Resilience is enhanced through the integration of self-healing components. 

 

In Amazon ECS, unhealthy tasks/container are automatically detected and replaced, with restarts occurring across the AZs within the AWS Region. AWS services like Auto Scaling Groups monitors container health and proactively replace or redistribute resources in the event of failures. This automated recovery process minimizes downtime and ensures uninterrupted availability without the need for manual intervention. 

 

To enhance fault isolation, the solution employs a multi-account strategy. This approach facilitates logical separation of resources and enforces strict access controls to prevent widespread disruptions. A Management Account is created using AWS Organizations, while separate accounts are established for production, non-production, logging, audit, and security purposes. 

 

For data resilience and redundancy, Amazon RDS offers built-in replication mechanisms that replicate data across multiple AZs. Additionally, AWS Backup is periodically executed to ensure data protection and recovery capabilities.

 

AWS CloudWatch, a centralized monitoring and management service, played a crucial role in monitoring the health and performance of Pando's resources. The logs from ECS were directed to CloudWatch log groups, allowing Pando to visualize metrics and monitor the application's health through CloudWatch dashboards. Alerts and notifications were set up to promptly notify stakeholders of any downtime experienced, ensuring proactive issue resolution. By utilizing CloudWatch metrics, Pando could monitor other managed services like RDS and Load Balancers, providing a comprehensive view of their infrastructure's operational condition.

 

To enhance awareness and notification capabilities, Pando utilized Amazon EventBridge to create health notifications for AWS services. An EventBridge rule was created and integrated with Amazon SNS for service notifications. Stakeholders received SNS email subscriptions to stay informed about any critical service updates or incidents. This approach ensured that Pando had real-time visibility into the availability and health of their AWS resources.

 

Comprinno implemented a highly available DNS solution using Amazon Route53, a scalable and reliable cloud domain name system. Route 53 played a vital role in directing and supporting health checks, continuously monitoring the availability of resources and automatically routing traffic to healthy endpoints. Additionally, Route53 provided DNS failover capabilities, redirecting traffic to alternate resources in the event of a failure, and ensuring uninterrupted DNS resolution.

 

Infrastructure was automated using Terraform.  This approach allowed for consistent and auditable deployments, ensuring that infrastructure changes were managed effectively. The Terraform code was stored in GitHub, enabling version control and collaboration among the development team.

 

AWS Config and AWS CloudTrail were implemented to provide detailed views of the configuration of AWS resources and track changes over time. AWS Config allowed Pando to assess resource configuration compliance against desired configurations and detect any unauthorized changes. AWS CloudTrail served as a comprehensive audit trail of all actions taken within Pando's AWS account, enabling monitoring and validation of changes as part of their change management process. 


CI/CD pipeline was built for automated deployments. Deployment is triggered whenever code is committed to GitHub repository. AWS CodeBuild was used for building the docker image and then the image was pushed to AWS ECR (Elastic Container Registry). The built-in capability of ECR to scan docker images for known vulnerabilities was leveraged and the pipeline proceeds to deployment only when no Critical OR High severity vulnerabilities are reported by ECR.

A notification alert was setup using AWS SNS to report developers about the failed pipeline.

Pando: Building a Resilient Infrastructure

Benefits:

- Migrated architecture guarantees up to 99.99% durability, 99.5% availability, and high scalability.

- Scalable architecture: Pando achieved the ability to handle traffic spikes and scale resources dynamically, ensuring a seamless user experience even during peak periods.

- Blue/green deployments with CI/CD: It helped to ensure that creating a separate green environment doesn't impact the resources supporting your existing blue environment. This approach reduced the risk when new changes were deployed.

- Enhanced observability: Through the use of AWS CloudWatch, Pando gained comprehensive insights into their application's health and performance, enabling proactive monitoring and issue resolution.

- Improved network management: Utilizing AWS services like Amazon VPC Flow Logs and AWS Network Manager, Pando gained visibility into network bandwidth, latency, and performance, ensuring optimized network operations.

- Change management and infrastructure as code: The adoption of Terraform, AWS Config, and AWS CloudTrail allowed for controlled and auditable deployments, ensuring consistent configuration and change management practices.

- ECR vulnerability scanning: This helped in scanning vulnerabilities of the Docker image.

Related Case Studies

Fibe collaborates with Comprinno to build a resilient architecture
Fibe (formerly EarlySalary) is one of India's leading consumer lending apps focused on young working professionals. Their mission is to create a financial ecosystem that helps mid-income groups fulfill their aspirations and drive affordability at scale.
Cometchat modernizes its infrastructure using Amazon ECS
A pioneer in user-friendly communication platforms, CometChat empowers websites and applications with seamless text chat, voice, and video functionalities.
A Winning Formula: LightMetrics and Comprinno’s Collaboration for Operational Brilliance
LightMetrics revolutionizes commercial fleets with RideView video telematics
Youvah’s journey to efficiency with AWS infrastructure adoption
Youvah is India's First Internship Platform for teenagers. They are an IIM Bangalore Incubated
Highway Delite adopts a resilient AWS architecture
Highway Delite is a pioneering travel app specifically designed
Pando: Building a Resilient Infrastructure
Pando, a leading global supply chain technology company, is renowned
Skill-Lync migrates to AWS from Digital Ocean
Skill-Lync offers industry-relevant advanced engineering courses for engineering students
Leher migrates to AWS
Leher provides tools to creators for hosting exclusive communities
ISO 27001 compliant architecture
ISO 27001 compliant AWS infrastructure architected by Comprinno
Secure AWS architecture with data localization
FinTech company allies with Comprinno to clear data localization audit
GigsBoard
GigsBoard migrates to AWS with assistance from Comprinno
Bigyellowfish Technologies
Bigyellowfish engages with Comprinno to conduct a Well-Architected Review
Klub
Klub fortifies its AWS Cloud infrastructure by partnering with Comprinno
Neural Hive
Neural Hive launches its cloud journey by partnering with AWS and Comprinno
AyuRythm
AyuRythm gears up for high demand volumes for its wellness app
FinTech case study
Asia’s largest Fintech company partners with Comprinno for a PCI DSS Compliant infrastructure
boAt
DynamoDB Cost Optimization For boAt
Portea
AWS inter-region migration in record time during Covid-19 lockdown period
MediBuddy
Cutting edge cloud technology solution for India’s leading healthcare service provider
Mantle Labs  
High-Speed Satellite Image Processing for a Partner Geobotanic AI Platform
LightMetrics
Distributed database that is optimized for Partner handling heavy workloads for an AI platform
Ephicacy
AWS Workspace-based virtual office for a global Clinical Research Organization (CRO)
CreditMantri
Secure CRM access to WFH telemarketer during Covid-19 lockdown